Data collection tool for use with Hash Master 1000.
Active Directory Dumper (ADD) gathers Active Directory information, including domain users, computers, groups, trusts, and policies, into a JSON file for auditing with Hash Master 1000. It also extracts password hashes from NTDS.dit for password analysis.
.\ActiveDirectoryDumper.exe --help
ActiveDirectoryDumper v2.0
Copyright c 2025
-d, --dumponly (Default: false) Do not perform collection, only dump hashes
-v, --verbose (Default: false)
--help Display this help screen.
--version Display version information.
- The quickest way to get up and running is to grab the latest release.
- It relies on VC_Redist being installed on the system on which the tool is run. If it's not installed, ADD will attempt to install it, which may trigger an AV/EDR alert; however, your mileage may vary.
- Extract the contents of the ZIP file, then run the executable from the command line. By default, it will perform domain enumeration and a hashdump and save to a zip file
ActiveDirectoryDumper_DomainOutput.zipin the same directory as the executable.
The hashdump can also be performed by itself by passing the--dumponlyflag. - It does not need to be run on a Domain Controller, but the user who runs it must have Domain Admin privileges in order to extract the hashes.